Fortisandboxcloud Fortinet Fortisandboxcloud


By the Year

In 2026 there have been 3 vulnerabilities in Fortinet Fortisandboxcloud with an average score of 7.3 out of ten. Last year, in 2025, Fortisandboxcloud had 2 security vulnerabilities published. That is, 1 more vulnerability has already been reported in 2026 than in all of last year. The average CVE base score of the vulnerabilities in 2026 is also greater, by 1.83.

Year  Vulnerabilities  Average Score
2026  3                7.33
2025  2                5.50

It may take a day or so for new Fortisandboxcloud vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Fortinet Fortisandboxcloud Security Vulnerabilities

FortiSandbox 4.4.x-5.0.x Path Traversal (../filedir) Privilege Escalation
CVE-2026-39813 9.1 - Critical - April 14, 2026

A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to escalate privileges via <insert attack vector here>

Path Traversal: '../filedir'

FortiSandbox 4.2-5.0.5 Path Traversal Enables Privileged Directory Delete via CLI
CVE-2026-25691 6.2 - Medium - April 14, 2026

An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to delete an arbitrary directory via crafted HTTP requests.

Directory traversal

FortiSandbox Cloud 5.0.4 OS Command Injection via HTTP (RTD)
CVE-2026-25836 6.7 - Medium - March 10, 2026

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to execute unauthorized code or commands via crafted HTTP requests.

Shell injection

FortiSandbox 5.0.0-5.0.2 / <4.4.7 GUI OS Command Injection via HTTP(S)
CVE-2025-53679 6.9 - Medium - December 09, 2025

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox Cloud 24.1, FortiSandbox Cloud 23 all versions allows a remote privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests.

Shell injection

SQLi in FortiSandbox 3.0-4.4.6 (v23.4) via crafted HTTP
CVE-2024-54026 4.1 - Medium - March 11, 2025

An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiSandbox 4.4.0 through 4.4.6, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandbox Cloud 24.1 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP requests.

SQL Injection
